question

Murali-6469 avatar image
1 Vote"
Murali-6469 asked ManuelCastro-9494 commented

Azure B2C - MSAL.js Session Behavior with Multiple tabs

We're using MSAL.js 1.3.2 for interacting with Azure AD B2C for a Vuejs SPA. MSAL.js config is set to use session storage for storing its cache. As per the documentation (https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-sso#sso-between-browser-tabs) session is not allowed to be shared between different tabs when using session storage. But, when a new tab is opened existing session is being used to sign in the user automatically. We've used 'prompt = login' parameter to suppress this behavior. While this helps us to ensure that the user has to sign in manually when a new tab is opened, we're now noticing an issue with token renewal.

Here's the scenario -

  1. Login with Account 1 in the Tab 1.

  2. Open a new tab (Tab 2) and Login with Account 2.

  3. Now, in Tab 1 make a token renewal request using acquireTokenSilent() with client id as the scope - this is returning a new token with Account 2's Object ID as the Subject. (which means it is renewing the token for Account 2 instead of Account 1)

How do we suppress/control this behavior?



azure-active-directoryazure-ad-b2cazure-ad-libraries
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

alfredorevilla-msft avatar image
0 Votes"
alfredorevilla-msft answered ManuelCastro-9494 commented

Please create an issue in github. Add as much detail as possible (os, browser and version, source code, etc)


· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@murali-6469 please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

0 Votes 0 ·

Is there any solution to remove token from session storage ? We are also running in similar situation where user has logged into tab1, user clicks on another tab for same app. Then user logs out of tab1, while user can still tab2, user is not getting logout of tab2 because tab2s session storage still has token.

1 Vote 1 ·

Did you solve this issue? any solution?

0 Votes 0 ·

I have the same issue any updates about this??

0 Votes 0 ·